Air Force Audit Agency Integrity - Service - Excellence Fraud Related Internal Controls James B. Kojak Jan 24, 2012 Overview Prevalence of fraud Benefits of effective ICs Internal control design Implementation Evaluation of internal controls Limitations of internal controls Summary Integrity - Service - Excellence Qualifications & Experience CPA, CFE, CIA, CGFM BA Accounting MS Public Administration Master of Military Art and Science Over 22 years experience DLA Internal Review & Accounting AFAA since 1992 – Auditor/Audit Manager/Team Chief Experience Financial and Performance Auditing Fraud Investigations Internal Controls Integrity - Service - Excellence Prevalence of Fraud Fraud is common & increasing MF Global Bernie Madoff Enron, World Com, Tyco, etc. Wells Fargo, BoA, Citigroup, UBS Most fraud is not made public Major disincentives for organizations to disclose or report fraud Estimated that hundreds of billions of dollars are mishandled each year Integrity - Service - Excellence Benefits of Effective Internal Controls Ensure effective operations Prevents most, not all fraud – major exceptions – senior mgmt/collusion Adds creditability to the summary business performance data Provides timely, accurate, and reliable information Safeguards assets from waste Promotes compliance with the law Integrity - Service - Excellence Definitions of Internal Control “Internal control is a system, plan of action and philosophy built into the operating activity of the business to help ensure the actual events and activities that occur comply with the owner/managers expectations, intent and goals.” Michael F. Trebesh, Alma College Integrity - Service - Excellence Designing Effective ICs To be effective, ICs must ensure: Physical assets and information are properly accounted for and safeguarded Financial and operating data is useful, complete, competent, and timely Compliance with federal, state and local laws and ordinances Integrity - Service - Excellence Internal Control Design Properly designed control systems are based on six basic principles:: segregation of duties establishment of responsibility and accountability proper documentation of transactions physical and mechanical security devices independent internal verification other controls Integrity - Service - Excellence Separation of Duties Create a system of checks and balances by separating transactions into parts performed by different persons: AUTHORIZATION - a qualified individual should have the responsibility to authorize and approve RECORDING - one or more qualified employees should be assigned the responsibility for proper recording of all authorized transactions CUSTODY OF ASSETS - the responsibility for custody, safeguarding and limiting access to franchise assets should be assigned to an appropriate employee or employees Integrity - Service - Excellence Responsibility and Accountability The clear establishment of responsibilities and holding people accountable are essential RESPONSIBILITIES – should be clearly defined Policy and procedure manuals Job descriptions that establish clear lines of authority and responsibilities Remember – authority and responsibility go hand in hand ACCOUNTABILITY – is a must if people are to adhere to the rules and perform their duties responsibly Performance feedback – formal ratings at regular intervals An work environment that communicates expectations and demands ethical conduct An effective disciplinary system Integrity - Service - Excellence Proper Documentation The clear establishment of responsibilities and holding people accountable are essential RESPONSIBILITIES – should be clearly defined Policy and procedure manuals Job descriptions that establish clear lines of authority and responsibilities Remember – authority and responsibility go hand in hand ACCOUNTABILITY – is a must if people are to adhere to the rules and perform their duties responsibly Performance feedback – formal ratings at regular intervals An work environment that communicates expectations and demands ethical conduct An effective disciplinary system Integrity - Service - Excellence Physical Security Properly designed control systems are based on six basic principles:: segregation of duties establishment of responsibility and accountability proper documentation of transactions physical and mechanical security devices independent internal verification other controls Integrity - Service - Excellence Independent Internal Verification Properly designed control systems are based on six basic principles:: segregation of duties establishment of responsibility and accountability proper documentation of transactions physical and mechanical security devices independent internal verification other controls Integrity - Service - Excellence Other Controls Good internal control absolutely, positively, begins at the top – management sets the tone The best designed system of IC is useless if not implemented The more strictly the IC structure is adhered to the better If it doesn't work – change it If you don’t need it – eliminate it Integrity - Service - Excellence Evaluation of Internal Controls Periodic review and assessment is required Is the internal control system: Working as designed? Accomplishing the intended goals? Given changes in mission, staffing, policy, or business conditions, is the IC system still effective? Integrity - Service - Excellence Limitations of Internal Controls Prevalence of fraud Benefits of effective ICs Internal control design Implementation Evaluation of internal controls Limitations of internal controls Summary Integrity - Service - Excellence Summary Fraud is common & costly ICs are the key to prevention Design must be specific Implementation is everything Constant evaluation needed IC can’t prevent all fraud Integrity - Service - Excellence Questions/Comments? Fraud Related Internal Controls 10 Minute Break Lunch Integrity - Service - Excellence